doc: describe signatures creation in RELEASE.md

Mention how to use verify_release with the recently added --sign
option to create signatures for a verified release.

Signed-off-by: Lukas Puehringer <[email protected]>

Author: Lukas Puehringer

docs/RELEASE.md

@@ -43,8 +43,10 @@ on GitHub
   *An approval resumes the CD workflow to publish the release on PyPI, and to finalize the
   GitHub release (removes `-rc` suffix and updates release notes).*
 
-8. `verify_release` may be used again to make sure the PyPI release artifacts match the
-   local build as well.
+8. Run `verify_release` to make sure the PyPI release artifacts match the local build as
+   well. When called as `verify_release --sign [<key id>]` the script additionally
+   creates gpg release signatures. These signature files should be made available on the
+   GitHub release page under Assets.
 9. Announce the release on [#tuf on CNCF Slack](https://cloud-native.slack.com/archives/C8NMD3QJ3)
 10. Ensure [POUF 1](https://github.com/theupdateframework/taps/blob/master/POUFs/reference-POUF/pouf1.md),
     for the reference implementation, is up-to-date